diff options
| author |  Benjamin Kampmann <ben@create-build-execute.com> | 2016-03-10 16:03:37 +0100 |
|---|---|---|
| committer | Benjamin Kampmann <ben@create-build-execute.com> | 2016-03-10 16:05:14 +0100 |
| commit | fcb17bf090893d65a9007ecbef021efb18fd13a4 (patch) | |
| tree | dc11be4c364b48bcfb8efbde67ea9c643ae2384b | |
| parent | fixes (diff) | |
| download | firejail-fcb17bf090893d65a9007ecbef021efb18fd13a4.tar.gz firejail-fcb17bf090893d65a9007ecbef021efb18fd13a4.tar.zst firejail-fcb17bf090893d65a9007ecbef021efb18fd13a4.zip | |
Forward exit code from child process
This changeset reads the status code of the child process run inside the
sandbox and forwards it to the outer process. Which in turn makes that
result its own exiting status code.
Fixes #358
| -rw-r--r-- | src/firejail/main.c | 11 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 19 |
2 files changed, 23 insertions, 7 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index e2f197a92..eebb04fcc 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1778,7 +1778,8 @@ int main(int argc, char **argv) { | |||
| 1778 | signal (SIGTERM, my_handler); | 1778 | signal (SIGTERM, my_handler); |
| 1779 | 1779 | ||
| 1780 | // wait for the child to finish | 1780 | // wait for the child to finish |
| 1781 | waitpid(child, NULL, 0); | 1781 | int status = NULL; |
| 1782 | waitpid(child, &status, 0); | ||
| 1782 | 1783 | ||
| 1783 | // free globals | 1784 | // free globals |
| 1784 | #ifdef HAVE_SECCOMP | 1785 | #ifdef HAVE_SECCOMP |
| @@ -1799,7 +1800,13 @@ int main(int argc, char **argv) { | |||
| 1799 | } | 1800 | } |
| 1800 | } | 1801 | } |
| 1801 | 1802 | ||
| 1802 | myexit(0); | 1803 | if (WIFEXITED(status)){ |
| 1804 | myexit(WEXITSTATUS(status)); | ||
| 1805 | } else if (WIFSIGNALED(status)) { | ||
| 1806 | myexit(WTERMSIG(status)); | ||
| 1807 | } else { | ||
| 1808 | myexit(0); | ||
| 1809 | } | ||
| 1803 | 1810 | ||
| 1804 | return 0; | 1811 | return 0; |
| 1805 | } | 1812 | } |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index d43e1dac1..cc01c87ae 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -130,11 +130,11 @@ static void chk_chroot(void) { | |||
| 130 | exit(1); | 130 | exit(1); |
| 131 | } | 131 | } |
| 132 | 132 | ||
| 133 | static void monitor_application(pid_t app_pid) { | 133 | static int monitor_application(pid_t app_pid) { |
| 134 | int status; | ||
| 134 | while (app_pid) { | 135 | while (app_pid) { |
| 135 | usleep(20000); | 136 | usleep(20000); |
| 136 | 137 | ||
| 137 | int status; | ||
| 138 | pid_t rv; | 138 | pid_t rv; |
| 139 | do { | 139 | do { |
| 140 | rv = waitpid(-1, &status, 0); | 140 | rv = waitpid(-1, &status, 0); |
| @@ -172,6 +172,9 @@ static void monitor_application(pid_t app_pid) { | |||
| 172 | printf("Sandbox monitor: monitoring %u\n", app_pid); | 172 | printf("Sandbox monitor: monitoring %u\n", app_pid); |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | // return the latest exit status. | ||
| 176 | return status; | ||
| 177 | |||
| 175 | #if 0 | 178 | #if 0 |
| 176 | // todo: find a way to shut down interfaces before closing the namespace | 179 | // todo: find a way to shut down interfaces before closing the namespace |
| 177 | // the problem is we don't have enough privileges to shutdown interfaces in this moment | 180 | // the problem is we don't have enough privileges to shutdown interfaces in this moment |
| @@ -681,7 +684,13 @@ int sandbox(void* sandbox_arg) { | |||
| 681 | start_application(); // start app | 684 | start_application(); // start app |
| 682 | } | 685 | } |
| 683 | 686 | ||
| 684 | monitor_application(app_pid); // monitor application | 687 | int status = monitor_application(app_pid); // monitor application |
| 685 | 688 | ||
| 686 | return 0; | 689 | if WIFEXITED(status) { |
| 690 | // if we had a proper exit, return that exit status | ||
| 691 | return WEXITSTATUS(status); | ||
| 692 | } else { | ||
| 693 | // something else went wrong! | ||
| 694 | return -1; | ||
| 695 | } | ||
| 687 | } | 696 | } |